beautypg.com

Disabling the aging on interfaces, Configuring the maximum mac addresses per port, Configuring a mac-based vlan for a static host – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 235

background image

Enter the command at the global or interface configuration level.

The denied-mac-only parameter prevents denied sessions from being aged out, but ages out
permitted sessions.

The permitted-mac-only parameter prevents permitted (authenticated and restricted) sessions from
being aged out and ages denied sessions.

Disabling the aging on interfaces

To disable aging on a specific interface where MAC-based VLAN has been enabled, enter the
command at the interface level.

device(config)#interface e 3/1

device(config-if-e1000-3/1)#mac-authentication disable-aging

Syntax: [no] mac-authentication disable-aging

Configuring the maximum MAC addresses per port

To configure the maximum number of MAC addresses allowed per port, use the following commands:

device(config)#interface e 0/1/1

device(config-if-e1000-0/1/1)#mac-authentication mac-vlan max-mac-entries 24

NOTE
32 MAC addresses maximum are allowed per port. This total includes both static and dynamic hosts.
The default number of allowed MACs is 2. Even though the feature supports up tp a maximum of 32
MAC address per physical port, the configuration of the maximum number of MAC addresses per port is
limited by the available hardware resources.

NOTE
To change the maximum MAC addresses per port, you must first disable MAC-based VLAN on that
port.

Configuring a MAC-based VLAN for a static host

Follow the steps given below to configure a MAC-based VLAN for a static host.

1. Enable multi-device port authentication globally using the following command.

device(config)#mac-authentication enable

2. Add each port on which you want MAC-based VLAN enabled as mac-vlan-permit for a specific

VLAN.

device(config)#vlan 10 by port

device(config-vlan-10)#mac-vlan-permit ethernet 0/1/1 to 0/1/6

added mac-vlan-permit ports ethe 0/1/1 to 0/1/6 to port-vlan 10.

3. Add the static MAC-based VLAN configuration on the port.

device(config)#interface e 0/1/1

device(config-if-e1000-0/1/1)#mac-authentication mac-vlan 0000.0010.0011 vlan 10

priority 5

Disabling the aging on interfaces

FastIron Ethernet Switch Security Configuration Guide

235

53-1003088-03

See also other documents in the category Brocade Computer Accessories: